#indiewebcamp 2016-03-26

2016-03-26 UTC
acegiak, shiflett, gRegorLove, begriffs and tantek joined the channel
#
Loqi
tantek: [shaners] left you a message 2 hours, 36 minutes ago: Just noticed that the Microformat page on Wikipedia could prolly use an updated re-write if you feel up to it sometime. https://en.wikipedia.org/wiki/Microformat http://indiewebcamp.com/irc/2016-03-25/line/1458945684951
#
tantek
!tell shaners the microformat page on Wikipedia could certainly use a re-write but I'm not the person for it, being primary editor of all the new stuff and all. See: WP:NPOV
#
Loqi
Ok, I'll tell him that when I see him next
#
tantek
"Because my blog is currently a free WordPress website, anyone can use Genius to annotate my posts without my control."
#
tantek
"I see no way to report an annotation for abuse or harassment—perhaps that is only available for users?—and I see no way to block a user from annotating my content. "
#
tantek
"Genius is officially worse than Twitter: I can block a user on Twitter, and they can then go and scribble whatever they want on my website using Genius."
#
tantek
what is News Genius?
Lancey joined the channel
#
Loqi
It looks like we don't have a page for "News Genius" yet. Would you like to create it? https://indiewebcamp.com/s/10Ge
#
gRegorLove
That story has me so upset
#
Loqi
gRegorLove: [shaners] left you a message 4 hours, 9 minutes ago: Yeah. I need to build up the redirects feature in Dark Matter better to handle the new URL scheme. (I’ve dropped the nth of day bit from my paths.) http://indiewebcamp.com/irc/2016-03-25/line/1458940357233
#
tantek
KevinMarks ^^^ please start that page with a criticism section
#
tantek
gRegorLove: did you see the comments?
#
tantek
this in particular is disturbing:
#
tantek
"The idea itself is actually fantastic, I think. The problem I see is the culture that is being set up there. "
#
tantek
you cannot separate idea from culture
#
gRegorLove
Yeah, I've been following the "annotations" in news genius.
#
KevinMarks
News Genius is a silo that enables highlight and annotation of any webpage by prefixing it with genius.it or a plugin.
#
loqi.me
created /News_Genius (+145) "prompted by tantek https://indiewebcamp.com/irc/2016-03-25/line/1458955290765 and dfn added by KevinMarks"
#
gRegorLove
One of the annotators is actually a lead editor at News Genius
#
tantek
it's not a "fantastic idea" if *existing culture* (which frankly, any tech developer / UX designer MUST study in order to design well) has a problem
#
tantek
note that receiving and showing webmentions on your site *IS* opt-in
#
tantek
unlike being framed by one of these centralized annotators
#
gRegorLove
And you can present them as you like, too. Not like graffiti on top of your site.
#
tantek
exactly
#
tantek
hate to say it, but hypothes.is is vulnerable to the exact same form of attack
#
tantek
bigbluehat: ^^^ FYI
#
gRegorLove
I was researching ways to potentially detect a browser extension and prevent it from working. http://stackoverflow.com/a/16803650
#
KevinMarks
yes, though hypothes.is is default personal, not default public iirc
#
tantek
that would help
#
tantek
KevinMarks: that's worth figuring out and noting on /hypothes.is vs. /News_Genius
tantek joined the channel
#
tantek
what is a SQS?
#
Loqi
It looks like we don't have a page for "SQS" yet. Would you like to create it? https://indiewebcamp.com/s/10Gf
#
tantek
what is Amazon SQS?
#
Loqi
It looks like we don't have a page for "Amazon SQS" yet. Would you like to create it? https://indiewebcamp.com/s/10Gg
#
tantek
what is SNS?
#
Loqi
It looks like we don't have a page for "SNS" yet. Would you like to create it? https://indiewebcamp.com/s/10Gh
#
tantek
what is a POST-callback?
#
Loqi
It looks like we don't have a page for "POST-callback" yet. Would you like to create it? https://indiewebcamp.com/s/10Gi
#
tantek
what is a Gateway Timeout?
#
Loqi
It looks like we don't have a page for "Gateway Timeout" yet. Would you like to create it? https://indiewebcamp.com/s/10Gj
#
tantek
what is php-fpm?
#
Loqi
It looks like we don't have a page for "php-fpm" yet. Would you like to create it? https://indiewebcamp.com/s/10Gk
#
tantek
what is a job queue?
#
Loqi
It looks like we don't have a page for "job queue" yet. Would you like to create it? https://indiewebcamp.com/s/10Gm
#
kevinmarks.com
edited /News_Genius (+2005) "add criticism links"
#
tantek
what is celery?
#
Loqi
Celery is a Python-based tool for executing asynchronous background tasks, distributing tasks amongst many worker processes, and running scheduled or periodic tasks (via Celerybeat) https://indiewebcamp.com/Celery
#
tantek
a-ha!
#
tantek
what is Laravel?
#
Loqi
Laravel is a PHP framework https://indiewebcamp.com/Laravel
#
loqi.me
created /SQS (+16) "prompted by tantek https://indiewebcamp.com/irc/2016-03-25/line/1458956070502 and dfn added by gRegorLove"
#
gRegorLove
Amazon SQS is /AWS
#
loqi.me
created /Amazon_SQS (+16) "prompted by tantek https://indiewebcamp.com/irc/2016-03-25/line/1458956093771 and dfn added by gRegorLove"
#
loqi.me
created /SNS (+16) "prompted by tantek https://indiewebcamp.com/irc/2016-03-25/line/1458956102526 and dfn added by gRegorLove"
#
gRegorLove
everything is /AWS
yakker joined the channel
#
gRegorLove
Love the meme on /AWS
#
gRegorLove
How to "Good question. Best practices based in selfdogfood personal sites welcome!"
#
tantek
so much jargon soup
#
gregorlove.com
edited /News_Genius (+58) "link, bookmaklet"
#
tantek.com
edited /AWS (+182) "/* How to */ expand the unknown a bit"
#
tantek
just for you gRegorLove ^^^ :)
#
gRegorLove
Yes, TBD! Another acronym.
#
tantek
what is XML-RPC?
#
Loqi
XML-RPC is a verbose use of XML to make API calls with HTTP https://indiewebcamp.com/XML-RPC
#
gRegorLove
Re News Genius, I wonder if there's an http referrer that can be reliably blocked?
#
tantek
indeed
#
KevinMarks
no, they mirror the client signature
#
KevinMarks
and they're on AWS so you can't block by IP either
#
tantek
are they serving your content from their domain?
#
tantek
like what about your CSS? are they serving that from their domain? JS? images?
#
tantek
all kinds of security problems if they are doing that
#
KevinMarks
no, they rewrite with a base so those load direct
#
gRegorLove
They just deliver the HTML with injected JS, assets point to your domain
#
tantek
directly from your server?!?
#
gRegorLove
Oops, what KevinMarks said
#
gRegorLove
Probably to "avoid" copyright? :shrug:
#
tantek
then you should be able to serve *different* JS
#
tantek
like JS that rewrites the page, deletes their annotations etc.
#
KevinMarks
except you can't tell it was them
#
KevinMarks
you'd have to detect their JS with yours
#
gRegorLove
Didn't test, but I recall someone in the Twitter thread put up a gist with some CSS that would apparently hide the News Genius overlay
#
tantek
I thought that you could tell where a JS or image was being requested from
#
KevinMarks
they're requested by the client
#
tantek
the client sends a referer
#
tantek
of the genius domain presumably
#
KevinMarks
the proxied one doesn't though
#
KevinMarks
so you could make a special genius.it poisoning script?
#
KevinMarks
like an ad blocker detector
#
tantek
either they are serving your assets from *their* domain (which is *very* risky, because then your scripts can operate from their security context, e.g. your scripts can grab THEIR session cookies), OR they are serving your assets from *your* domain in which case you should see a different referer
#
KevinMarks
right, they put a base in <head> <base href="http://svgur.com/s/q">
#
Loqi
google G
#
gRegorLove
if (document.location.hostname == 'genius.it') { header.location = 'example.com' }
#
KevinMarks
or better, strip off the genius.it prefix
#
tantek
yep - like a frame buster
#
gRegorLove
Yeah... testing.
#
KevinMarks
that likely won't stop the browser plugin
#
gRegorLove
What's the easiest way to replace the genius.it in the document.location?
#
KevinMarks
top.location= ?
#
KevinMarks
not sure how that would help Ella though as she's on wordpress.com so can't install scripts afaik
#
gRegorLove
It wouldn't, but it's a start
#
kylewm
?will shortz
#
kevinmarks.com
edited /News_Genius (+540) "/* Criticism */"
#
KevinMarks
what? "keep your JS/HTML/CSS payload under 1MB Keeping the JS payload below 750kb seems to be the key" https://blog.runspired.com/2016/03/25/the-chrome-distortion-chrome-alters-our-expectations-in-highly-negative-ways/
yakker, miklb, tantek and [kevinmarks] joined the channel
#
@babeljs
"What are you doing?" "My code is compiling" "The language you code doesn't need to compile" "WELL WE MADE IT COMPILE ANYWAYS!" #babeljs
(twitter.com/_/status/713125243770970112)
rrix and tantek joined the channel
#
kevinmarks.com
edited /database-antipattern (+164) "/* Articles */"
gRegorLove, Pierre-O, tay, j12t, rMdes and jayr joined the channel
Kopfstein, j12t, koray, wolftune, tantek and snarfed joined the channel
#
@manton2
Spent some time this morning experimenting with WordPress comments, Webmention, and Brid.gy. Not ready to ... http://www.manton.org/2016/03/3781.html
(twitter.com/_/status/713750363124408320)
j12t joined the channel
#
tantek
GWG ^^^ maybe ask him about the "formatting and readability"?
#
tantek
(I'm assuming he's using your plugins :) )
snarfed joined the channel
#
GWG
Will do.
miklb joined the channel
#
GWG
Wait, are you suggesting it must be my plugins because of formatting issues or just because of the Wordpress connections
snarfed joined the channel
#
snarfed
happy saturday #indiewebcamp!
#
snarfed
merrily continues work on scraping instagram
#
tantek
GWG, WordPress connections of course! I assume your plugins for indieweb building blocks are the most popular and thus most likely to be used :)
#
voxpelli
happy saturday snarfed!
#
voxpelli
last day of USA being 1 hour closer to Europe today, so make the most of it! :)
#
snarfed
voxpelli: heh true! thanks!
#
miklb
voxpelli when is the IWC you'll be attending?
#
miklb
cool.
#
miklb
I will definitely have that jekyll theme done by then :-)
#
voxpelli
nice :)
#
miklb
my hurdle has been trying to find a design that isn't too opinionated yet still aesthetically pleasing for someone starting out
#
voxpelli
totally a challenge
#
miklb
I shouldn't say "find", rather pull together a design. I'm coding from scratch with influences
#
Loqi
I agree
sebi and j12t joined the channel
#
KevinMarks
OK, I have a genius.it defeating script, how do I publish it?
gRegorLove joined the channel
#
KevinMarks
I suppose the cool kids method is an npm module?
#
gRegorLove
KevinMarks++
#
Loqi
KevinMarks has 200 karma
#
KevinMarks
there's probably a prettier way to mung the string, but it works
#
gRegorLove
I was playing with just replacing the leading slash in document.location.pathname and changing the document.location to that, but it didn't work right.
#
gRegorLove
Added to my site and it's working.
Garbee joined the channel
#
KevinMarks
not sure about window vs document for this
#
bear
KevinMarks++
#
Loqi
KevinMarks has 201 karma
#
KevinMarks
looks like window is preferred
#
KevinMarks
document is for telling if you're in a frame, which this isn't
#
KartikPrabhu
wonders if all such things can be blocked instead of only genius.it
#
KevinMarks
so do I make it a proper project?
#
KevinMarks
that's harder KartikPrabhu, and I don't want to block everything like this
#
KartikPrabhu
they have the same abuse potential
#
KevinMarks
'cos I can see there being a respectful one
#
KevinMarks
I was thinking about making one with mentiontech and fragmentions
#
KartikPrabhu
i mean the genius.it service itself is not bad, their users are though in at least that one case
#
miklb
this wouldn't help a user on wp.com though, would it?
#
kylewm
KartikPrabhu: I have to agree with what tantek said yesterday, you cannot separate the idea from the execution -- seems like they did not even consider the potential for abuse, cannot blame the users for that
#
bear
can you make the "genius.it" part a variable and wrap it in a function that can be called? then people could include it in their <body> section with a parameter
#
KartikPrabhu
kylewm: yes which is why I was asking about blocking all such services
#
KevinMarks
sounds like a sensible change bear
#
bear
then you can remove genius.it as the primary goal and make it one of the soon-to-be-many examples
#
KartikPrabhu
KevinMarks: one potential way to circumvent your script, if people simply do a <script src="savant.js"> would be for genius.it to just block loading of that script name
#
KevinMarks
sure, they can interfere with it, but then they are directly modifying your code
#
KartikPrabhu
is it possible for genius.it to prevent window.location.replace ?
#
bear
couldn't that be prevented by having the <script> part at the very end of your <body> section?
#
KevinMarks
they're already rewriting your html and injecting js, so yes, they could
#
bear
(asking the above knowing that I have zero browser loading of a page knowledge)
#
KartikPrabhu
bear: yeah that is what I was suggesting. Put the entire script as code inside the body instead of linking it
#
KevinMarks
that was what I did in my first test
#
bear
even with inline they technically could replace the dom item - like was mentioned, they are already injecting code into the returned html
#
bear
but to my thinking that opens them up to even *more* criticism and scrutiny
#
KevinMarks
right, the point is if they actively remove this they are clearly overriding the site author's intent
#
@billbennettnz
Installed Bridgy on my https://billbennett.co.nz site to help manage comments through Webmentions. Thanks to @manton who put me on to this.
(twitter.com/_/status/713802263328722944)
#
KevinMarks
what's up j4y_funabashi ?
#
j4y_funabashi
KevinMarks: nothing, just typed that into the wrong window :)
#
KevinMarks
OK, good
#
KevinMarks
I thought it was an emoticon I hadn't seen before
nitot joined the channel
#
KevinMarks
feather duster emoticon?
#
KartikPrabhu
fairy magic wand
#
voxpelli
KevinMarks: maybe one could do something like: https://gist.github.com/voxpelli/0a6ef34a3766d99b0196 Comparing the hostname to reliable reference href
#
KevinMarks
I suspect that might have side effects
#
KevinMarks
like redirecting from translated pages?
#
KevinMarks
hm, google doesn't suggest using canonical across languages
#
KevinMarks
which I suppose fits their bizarre monoglot worldview
#
voxpelli
I'm thinking it could be whatever string that would contain an absolute href, but better to just make use of the fact that Genius adds a base tag :)
#
KevinMarks
hm, that would blow up on tantek I think
#
voxpelli
does he use a base tag with a different domain than his own page?
#
KevinMarks
ah, misread it
#
KevinMarks
no, then that's OK
#
Loqi
[Tantek Çelik] a jpg#Allegiant was better than Insurgent. I liked it. Beautiful world-building and technoconcepts. The critics are wrong (about yet another scifi/future movie), including Rotten Tomatoes etc.
#
KevinMarks
he has a base that goes up a level for his relative urls
#
voxpelli
yeah, he is a good test case in that regard :)
nitot, tantek, jrenslin, terminalpixel and yakker joined the channel
#
kylewm
lol, after all that, SQS doesn't support pubsub, you have to poll the queue to find out if there are any jobs available
#
kylewm
this may be why sknebel was saying SNS is what I wanted
#
loqi.me
created /Amazon_Simple_Queue_Service (+148) "prompted by kylewm and dfn added by kylewm"
#
kylewm.com
edited /Amazon_SQS (+24) "Redirected page to [[Amazon Simple Queue Service]]"
#
kylewm.com
edited /SQS (+24) "Redirected page to [[Amazon Simple Queue Service]]"
nitot joined the channel
#
loqi.me
created /shared_host (+57) "prompted by kylewm and dfn added by kylewm"
#
kylewm.com
edited /Amazon_Simple_Queue_Service (+549) "make note that it does not support pubsub like you might naively expect if you are me."
#
voxpelli
kylewm: SQS does support long-polling though?
#
voxpelli
That's how I have used SQS at least
#
kylewm.com
edited /AWS (+108) "move "cryptic acronyms and jargon" to Criticism section"
#
kylewm
voxpelli: yep it does, but you still need a process running to do that long polling
#
voxpelli
kylewm: yeah, but isn't that the case for most message queue systems?
#
voxpelli
A webhook-like system can be easier to handle for PHP-like apps that have no worker setup though I guess
#
kylewm
yep, that's what i'm looking for
#
kylewm
for people running Known on shared hosting without the ability to run extra processes
#
voxpelli
Um, AWS tools combined with shared hosting?
#
voxpelli
To enable use of Lambda or?
#
kylewm
(I can see the advantage of polling over push is that there are far fewer security concerns)
#
kylewm
voxpelli: I'm not sure what you're asking. I want to add an asynchronous job queue for Known; I was thinking SQS was one possible way to make it possible on shared hosting
#
voxpelli
Eg. RabbitMQ and such is also based around clients connecting to servers rather than other way around
#
voxpelli
I would probably make an async job queue for PHP as a class with pluggable back ends where basic implementation is cron-based
#
voxpelli
And enable having more advanced classes implement support for eg. German or RabbitMQ
#
voxpelli
Cron feels like
#
voxpelli
The ordinary solution in PHP for such problems
#
kylewm
so if that's the case, I don't see a reason for jobs to be triggered by an http request -- they can be a totally separate process and not worry about timeouts and stuff
#
KevinMarks
2 thoughts: 1. isn't this what Convoy is for? https://withknown.com/convoy/
#
KevinMarks
2. if not quite, you can probably build something on appengine task queues that does what you want
#
kylewm
yeah I agree it's what convoy's for, but that's not something I have any control over
#
KevinMarks
well, talk to ben about it
nitot joined the channel
#
KevinMarks
which sounds a bit like productised PuSH